Malicious PDF — malware analysis report

Static analysis result for SHA-256 812685aa99b4ad70…

MALICIOUS

PDF

14.3 KB
Created: 2019-05-05 16:11:10 +01:00
Authoring application: mPDF 5.7
MD5: bd51a086be8b5606d985f244d67af152
SHA-1: 9e45c80ef2859a9fdf66e65655d7887a3080738e
SHA-256: 812685aa99b4ad70f60dc80e832da6635fcc3e6e718d05c78dba41576c0ebe63
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or distribution mechanism. While the document body is heavily obfuscated, the presence of numerous links to external PDF files indicates a likely attempt to direct users to malicious content or manipulate search engine results. The ML_NYX_PDF_MALICIOUS classifier also flagged this file with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9891

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.